Full Disclosure mailing list archives
Re: SSH brute force blocking tool
From: "J. Oquendo" <sil () infiltrated net>
Date: Fri, 01 Dec 2006 07:50:14 -0500
Tonnerre Lombard wrote:
> Salut,
> On Fri, 2006-12-01 at 07:26 -0500, J. Oquendo wrote:
>> So again... Some of you guys need to go back and read before you post....
> In this case, the NF wasn't in your original posting, so I could hardly have seen it. Still, there are problems with it, but not security wise...
>> awk 'NF<=10&&($6=="nvalid"||$7=="user")&&$9=="from"{print $10}'
>> Once you try a moronic name insertion it makes the columns more than 10 rows invalidating it.
> In that case, your script isn't going to work in most cases. For example, on our router we get:
> Dec 1 13:35:24 rtsyg01 sshd[12178]: Failed password for invalid user asdf from 10.1.5.166 port 51558 ssh2
> -> more than 10 columns.
And this is my problem how? The script was written mainly for myself and was passed on as something someone can use at their leisure and expense. "Your script isn't going to work boohoo". Is it not customizable to fit your need? I would think so; all it is doing is text processing, no brainer there.
> Also, one of our customers uses user names which consist of two parts which are separated by spaces. This is due to his use of Windows. The users are called e.g. "John Doe", so you do an ssh "John Doe () servername asdf ch". In this case, your script fails entirely
Again... Re-read my previous paragraph.

--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net
http://www.infiltrated.net
The happiness of society is the end of government. John Adams
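
Added example, not part of the original post and not the script under discussion: a variant of the awk filter that takes the address from the end of the log line, so that user names containing spaces (or the word "from") do not change which field is read. The function names `extract_ips` and `sample_log` are hypothetical; every sample line except the router line quoted in the message is constructed, and a syslog-style prefix with IPv4 addresses is assumed.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Reads syslog-format sshd lines on
# stdin and prints the source address of each login attempt for an invalid user.
# Assumes the usual "Mon D HH:MM:SS host sshd[pid]:" prefix and IPv4 addresses.
extract_ips() {
    awk '
    # Accept only a dotted quad whose four octets are in 0..255.
    function is_ipv4(s,    p, n, i) {
        n = split(s, p, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return 0
        return 1
    }
    $5 ~ /^sshd\[[0-9]+\]:$/ {
        # The message type sits at fixed positions: it precedes the user name.
        invalid = ($6 == "Invalid" && $7 == "user") ||
                  ($6 == "Failed" && $7 == "password" &&
                   $9 == "invalid" && $10 == "user")
        if (!invalid) next
        # The address is counted from the END of the line, because sshd writes
        # it after the user name; spaces in the name cannot shift it.
        if ($(NF-4) == "from" && $(NF-2) == "port")      ip = $(NF-3)
        else if ($(NF-3) == "from" && $(NF-1) == "port") ip = $(NF-2)
        else if ($(NF-1) == "from")                      ip = $NF
        else next
        if (is_ipv4(ip)) print ip
    }'
}

# Sample input. The first line is the one quoted in the message above; the
# rest are constructed for this example.
sample_log() {
    cat <<'EOF'
Dec 1 13:35:24 rtsyg01 sshd[12178]: Failed password for invalid user asdf from 10.1.5.166 port 51558 ssh2
Dec 1 13:35:30 rtsyg01 sshd[12180]: Failed password for invalid user John Doe from 10.1.5.167 port 51560 ssh2
Dec 1 13:35:41 rtsyg01 sshd[12183]: Invalid user asdf from 10.1.5.166
Dec 1 13:35:52 rtsyg01 sshd[12185]: Failed password for invalid user a from 192.0.2.1 port 1 ssh2 from 10.1.5.168 port 51562 ssh2
Dec 1 13:36:02 rtsyg01 sshd[12190]: Accepted password for bob from 10.1.5.9 port 51570 ssh2
EOF
}

# Stand-alone run: one address per offending source.
sample_log | extract_ips | sort -u
```

Only the trailing `from ADDRESS [port N [ssh2]]` fields are trusted, and the value is validated as a dotted quad before it is printed, which matters if the output feeds a firewall rule.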